The Cybersecurity Canon: Lexicon

Rick Howard


Category: Cybersecurity

cybersec canon red

For the past decade, I have held the notion that the security industry needs a Cybersecurity Canon: a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in a cybersecurity professional’s education. We’ll use this space to continue to discuss candidates for inclusion.

If you’d like to hear more about my Cybersecurity Canon idea, take a look at the presentations I made at this year’s RSA Conference and at Ignite 2014. As always, I love a good argument, so feel free to let me know what you think.

Lexicon (2013) by Max Barry

Lexicon is an exciting story about social engineering taken to the nth degree. It doesn’t meet the Cybersecurity Canon criteria we established last year, but it does share some connective tissue with one of my favorite canon candidates, Snow Crash, and offers some practical advice about how modern consumers can protect themselves from media manipulation. I wouldn’t call it a must-read for the cybersecurity professional, but it sure is fun.

Introduction

Lexicon a run-and-gun conspiracy thriller in which an evil cabal, called the Poets, has mastered the art of persuasion to such a degree that its members can manipulate individuals, groups, and the media to accomplish their goals. They do this by analyzing the target in terms of emotional, intellectual, and personality state to discover just the right “trigger words” that will completely destroy any resistance in the target’s mind.

As the author, Max Barry, compels the reader to keep turning pages with this adventure, he also makes the reader think about the implications of manipulation attempts in our own society, the origins of languages in the human world and why there are so many, the more banal implications of the state collecting surveillance data on individual citizens, and the implications of our own bias as we consume information from the media.

The Story

After they receive extensive training on Poet techniques at an exclusive private school in Virginia, very similar to the Harry Potter Hogwarts School of Witchcraft and Wizardry, newly graduated Poets receive their code names. The Poets’ leader is called W. B. Yeats. The main heroine is called Virginia Woolf, and her mentor is called T. S. Eliot.

The Poets did not start out as evil. At the beginning, they simply learned how to manipulate individuals by quickly assessing their target’s mental state and looking for weakness. One consequence of that practice is that they learned how to hide their own weaknesses from their fellow Poets to prevent manipulation from within. Because of that active suppression of sharing intimate details with their friends and loved ones, their ability to sympathize with the non-Poet population, and even their own members, eroded over the years to the point that the Poets’ leadership considered non-Poets to be nothing more than another form of cattle to be managed and experimented on in order to fulfill the Poets’ goals.

Before she became Woolf, Emily was a prodigy. Poet recruiters plucked her off the streets at a young age because of her con-man skills and sent her to the private school in Virginia. But she is a rebel. She fights the suppression of her personality and is eventually exiled to a small and remote Australian town called Willow Creek until she becomes mature enough to handle the discipline it takes to be a full-fledged Poet.

There is the inevitable falling out between the Poets’ leadership and a group of Poets that feel the organization has gone too far. That confrontation is the catalyst to the entire story.

The Tech

The tech in this book is not Internet gadgetry. There are no computer hacks in the story, but the entire Poet skill set is really social engineering on a grand scale. Although the Poets’ ability to manipulate individuals and groups is purely the result of Barry’s wonderful imagination, some of the skill sets he portrays for defending against manipulation are more practical.

One important skill in this defense is an understanding of how news organizations present information to the masses. Most news organizations try to present the facts as they are currently known. Many try to report objectively. The news consumer must remember, however, that the news people within the media are making choices about what to put into a story and what to leave out – true objectivity is, by design, impossible. News people also do not have to prove anything — they can imply. In most cases, the consumer will probably never hear anything more about a particular story. By choosing which facts to present and which facts to leave out, the news organization can lead consumers down the path for them to make their own conclusions about what happened without actually having to state it out loud.

This leads to the second important skill in the defense against manipulation: getting out of your comfort zone and consuming information from media outlets that you do not agree with. Especially today, when every issue is so polarizing, it is easy to tune in to your media outlet of choice and hear spoken back to you exactly what you want to hear because you already agree with it. By staying within their own political media information bubble, consumers get manipulated into thinking that their side is the only reasonable way to think about any particular issue.

Conclusion

Lexicon is an exciting story that kept me on the edge of my seat. I can’t recommend it as a Cybersecurity Canon candidate because it does not meet the criteria we established last year, but I will recommend it as a good read.

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS